Starting point, challenges and motivation

The market for safety-critical embedded systems is large and steadily increasing. According to a study by the international ARC Advisory Group, the market for safety systems and critical control systems grows at an average annual rate of over 7%, reaching over €900 million in 2008.

According to the Joint Technology Platform ARTEMIS, embedded technologies and embedded systems are the fastest-growing sector of information technology and still hold many unexplored business opportunities. As the ARTEMIS Strategic Research Agenda from March 2006 states: "Already, 90% of computing devices are in Embedded Systems, and with current growth rates the number of embedded programmable components will reach 16 billion by 2010 (nearly 3 embedded devices per person on Earth) and over 40 billion worldwide by 2020. But as the pervasiveness of embedded devices increases, so do the challenges in technology, interoperability, standardisation, methodology, safety, and security."

The industry developing safety-critical embedded systems is severely suffering from design practices that lead to unpredictable system behaviour. The determination of guarantees for non-functional requirements is postponed to a late design stage, and then often fails because of design decisions taken earlier.

As a result, the development of resource-constrained embedded systems currently suffers from a costly feedback loop. Systems are designed and implemented without consideration of resource constraints; these are considered only in a later validation phase. Violation of the resource constraints leads to re-design, re-implementation, and a new attempt at validation.

In the automotive domain, typical products such as combustion engine control units, ABS or ESP systems vary in their software implementation because of the high number of car variants. Cost effectiveness, however, depends on the re-use of common software elements. Resource consumption is not considered early in the development process because worst-case assumptions are held to be too pessimistic. This leads to high costs for testing possible corner cases, and the testing still remains incomplete with respect to the worst-case scenarios.

The famous Pentium bug gave hardware verification its breakthrough push. Intel recently revealed that the cost of the Pentium bug, extrapolated to today, would amount to €2.6 billion. The safety-critical embedded systems industry faces similar threats should its systems fail.

The verification/certification efforts consume up to 80% of the total development effort. For example, Boeing and its suppliers have spent a total of $800,000,000 on the certification of the Boeing 777. Significant savings could be achieved if the validation of non-functional properties were simplified by designing predictable systems and the necessary verification tools.

In the automotive sector, about 20% of the value of each car today is due to embedded electronics. This is expected to increase to an average of 35-40%, leading to a higher complexity of electronically connected devices. Verifying timing constraints by testing alone will become impossible.

The increasing number of software functions in vehicles requires more powerful and complex hardware architectures. However, most innovations in hardware design (caches, multi-core processors) lead to less predictable systems. Since automotive systems have a great need for dependability, the impact of introducing such systems is unknown and risky.

There is a strong need for a methodology that would reconcile system efficiency and predictability. Establishing such a methodology will have a very strong impact on system design and implementation practice in the industry, a strong scientific impact on architecture principles, and a technological impact in the field of tool support for embedded systems design.

This is where PREDATOR comes in. Steered by Airbus and Bosch, two key industrial players with vast experience in the development of safety-critical real-time embedded systems, PREDATOR aims at:

PREDATOR will pave the way to new generic architectures, comparable to the introduction of RISC architectures, by not abstracting away the computer organisation layer. The project will also attempt to exert a strong influence on operating system and programming language design. In the longer term, PREDATOR will have a strong impact on the embedded systems industry, improving reliability and reducing hardware costs.

The consortium members will develop methods for system design that increase development productivity while aiming in particular at predictable system properties. The methodology targets the construction and verification of heterogeneous embedded systems, i.e. embedded systems built from components with different characteristics. Adaptivity will be offered on the basis of reliably determined performance bounds. The predictability of extra-functional properties such as timing and energy consumption plays a key role. The tool chains for designing embedded systems offered by the participating partners will be integrated to respond to the needs of the industry.

The PREDATOR methods will enable embedded systems to be designed in a resource-aware way. This will eliminate unnecessary feedback loops, considerably reduce costs, and shorten the time to market.